Ubuntu focal - ImportError: cannot import name _remove_dead_weakref

I've tried to reinstall Certbot after upgrading to Ubuntu 20.10. The installed version from ubuntus repo errors as below.

I've already deleted the virtualenv environment with:
rm -r /opt/eff.org

And any attempt to use certbot-auto to recreate the virtualenv fails as below.

I've tried to install from the certbot ppa but there is no focal release.

My domain is:

trying to create one

I ran this command:

$ sudo ./certbot-auto

It produced this output:

Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 6, in
from certbot.main import main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 5, in
import logging.handlers
File "/usr/lib/python2.7/logging/init.py", line 26, in
import sys, os, time, cStringIO, traceback, warnings, weakref, collections
File "/usr/lib/python2.7/weakref.py", line 14, in
from _weakref import (
ImportError: cannot import name _remove_dead_weakref

My web server is (include version):

The operating system my web server runs on is (include version):

Ubuntu 20.10 FOCAL

My hosting provider, if applicable, is:

Self hosted

I can login to a root shell on my machine (yes or no, or I don't know):


I'm using a control panel to manage my site (no, or provide the name and version of the control panel):


The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 0.40.0


You are better off upgrading and installing from snapd:

Just choose your web server software

[don't forget to remove the current version of certbot first]


(Is 20.10 released yet? I thought it was still 2-3 weeks away)

/opt/eff.org/ is only used by certbot-auto, which is a standalone portable script, not an Ubuntu package.

certbot-auto is no longer supported on new releases of Ubuntu, which is why you get your error. Whatever you do next, you should remove certbot-auto.

The version of Certbot which you can install from Ubuntu Focal's base repos (0.40, https://packages.ubuntu.com/focal/certbot) should work just fine. You need to call it via certbot, not via certbot-auto. It's about 11 months old, but it should work OK.

If you want to keep up-to-date with the latest releases, snaps are the best way. If you go down that path, remove both certbot-auto and also the certbot apt package.


Unbuntu 20.10 beta ("Groovy Gorilla") was released, but the stable version won't be released until 22 October. All together there are 7 flavors.


Sorry good point 20.04 LTS!

I'm still at apt > snap person.

Will try the snap and delete certbot-auto.

I am trying to create a cert which will work with iOS, I understand that I need EKU and SAN flags. Is there an article anywhere on how to generate an iOS 13 accepted with the new cerbot? I have an openssl conf https://pastebin.com/7cEyv3QG but not sure how to use it with the new certbot.



I'm not sure how OpenSSL is mixed up in this? The certificate is generated by Let's Encrypt, not by OpenSSL on your local computer.

1 Like

Hi - my point was more how do I create an cert which is iOS 13 friendly with certbot? the openssl config has the required EKU and SAN options, I don't know how this translates into certbot creating the equivalent with Let's Encrypt.

1 Like

Well, all the hostnames you'll choose will end up in the SAN (those not a flags by the way, like you've put it earlier, but called "Extensions") and the EKU will always be "serverAuth, clientAuth" which you cannot change.